Apple has historically marketed its desktop products as being impervious to the rampant malware that plagued Microsoft systems in the early 2000s, but the iPhone’s swelling popularity has made it a prime target.

According to reports, malware affecting “thousands” of iPhones can steal App Store credentials, but the majority of iOS users are not at risk from it. Here’s what you need to know about malware and Apple’s approach to mobile security.

What is Malware?

Malware is a portmanteau of ‘malicious’ and ‘software’, and it refers to any software that forcibly gains access to, gathers data from or disrupts the otherwise normal operation of a device – often with damaging consequences.

These varieties of malicious software have been long associated with desktop operating systems. But, for the most part, iOS has somehow escaped the worst of it. Why? Well, some very clever design choices on the part of Apple.

Why is iOS Secure?

Apple designed iOS with an emphasis on security, and made a number of architectural decisions that make it a hard target. As a result, malware on iOS is the exception, not the rule.

Walled Garden

Apple has exercised an incredible amount of control over its platform. This even extends to the sources from which users can download apps: the only officially supported and authorized place to get third-party applications is through Apple’s own App Store.

This has done a lot to prevent users from accidentally downloading malware as they browse the darker corners of the Internet. But that’s not all. Every submission goes through App Review before it reaches the App Store: automated analysis of the compiled binary (developers submit binaries, not source code), for example to catch calls to private APIs, combined with human review of what the app actually does.

That said, the system is not foolproof. In 2013, researchers at Georgia Tech got a malicious app, dubbed ‘Jekyll’, through App Review. The submitted binary looked benign: its malicious behaviour was assembled only at runtime, by triggering vulnerabilities the researchers had deliberately planted in their own code, so analysis of the binary saw nothing suspicious. Once on a device, Jekyll could post tweets, send emails and make calls, all without the user’s knowledge. The researchers withdrew it from the App Store themselves shortly after it was approved.

Sandboxing

Even an app that clears review runs inside a sandbox. Each iOS application is confined to its own container on the filesystem, and can reach other apps’ data, the camera, contacts and so on only through the APIs and permission prompts Apple provides. Sandboxing is a vital part of iOS security: because all apps are isolated from each other and from the operating system, the avenues open to a malicious app are limited even if it does make it onto a device.

Permissions

At the core of iOS is Darwin, the UNIX-derived foundation it shares with OS X, whose kernel incorporates code from BSD. Like its cousin Linux, it inherits the UNIX security model, which essentially boils down to carefully controlled permissions.

In UNIX, who gets to read, write or execute a file (and who can delete it, which is a write to the directory containing it) is specified in its file permissions, separately for the file’s owner, its group and everyone else. Many system files are owned by ‘root’, the superuser, for whom those permission checks are effectively bypassed. To change those files, or their permissions, one has to act as root.

Root can also modify the operating system itself and run code with no restrictions, which is exactly what malware wants. Apple intentionally denies users root access: third-party apps run as the unprivileged ‘mobile’ user inside their sandboxes, and for the majority of iOS users there’s no real need for anything more.
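To make the permission model concrete, here is an added example (not code from the article, and not Apple’s implementation) that reimplements the classic UNIX access check in Python: the kernel picks exactly one permission class (owner, else group, else other) and does not fall through, and root skips the read/write checks but still needs an execute bit somewhere. The uid 501 used for the ‘mobile’ user is the value iOS assigns to that account; the file and process values are constructed for the demonstration.

```python
"""Worked example of the UNIX discretionary access check (added example)."""
from dataclasses import dataclass

# Permission bits requested, same values as os.R_OK / os.W_OK / os.X_OK
R_OK, W_OK, X_OK = 4, 2, 1


@dataclass(frozen=True)
class Inode:
    """The fields of a file that matter for the access check."""
    uid: int
    gid: int
    mode: int  # the nine permission bits, e.g. 0o644


@dataclass(frozen=True)
class Process:
    """Identity of the caller: uid, primary gid and supplementary groups."""
    uid: int
    gid: int
    groups: frozenset = frozenset()


def parse_symbolic(perm: str) -> int:
    """Convert the nine-character field shown by `ls -l` (e.g. 'rw-r-----') into mode bits.
    setuid/setgid/sticky letters (s, t) are deliberately not handled here."""
    if len(perm) != 9:
        raise ValueError("expected nine characters, e.g. 'rwxr-xr-x'")
    mode = 0
    for ch, expected in zip(perm, "rwxrwxrwx"):
        mode <<= 1
        if ch == expected:
            mode |= 1
        elif ch != "-":
            raise ValueError(f"unexpected character {ch!r}")
    return mode


def class_bits(inode: Inode, proc: Process) -> int:
    """Select the ONE class that applies: owner, else group, else other.
    There is no fall-through: an owner whose owner bits are 000 is denied
    even when the 'other' bits would have allowed the access."""
    if proc.uid == inode.uid:
        return (inode.mode >> 6) & 7
    if proc.gid == inode.gid or inode.gid in proc.groups:
        return (inode.mode >> 3) & 7
    return inode.mode & 7


def may_access(inode: Inode, proc: Process, want: int) -> bool:
    """Return True if proc may perform every operation in `want` on inode."""
    if proc.uid == 0:
        # root bypasses read/write checks, but execute still requires at least
        # one x bit so that plain data files are not run by accident
        if want & X_OK and not (inode.mode & 0o111):
            return False
        return True
    return (class_bits(inode, proc) & want) == want


if __name__ == "__main__":
    # Constructed scenario: a system binary owned by root, queried by the
    # unprivileged 'mobile' account (uid 501 on iOS) and by root.
    system_file = Inode(uid=0, gid=0, mode=parse_symbolic("rw-r--r--"))
    mobile = Process(uid=501, gid=501)
    root = Process(uid=0, gid=0)
    print("mobile read :", may_access(system_file, mobile, R_OK))   # True
    print("mobile write:", may_access(system_file, mobile, W_OK))   # False
    print("root write  :", may_access(system_file, root, W_OK))     # True
```

The owner-class rule is the detail most people get wrong: with mode 0o077 the owner cannot read their own file while everyone else can, and the check below exercises exactly that case.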

As a result of Apple’s security architecture, malware affecting iOS devices is extremely rare. There is one exception: jailbroken devices, where the user has deliberately obtained root and disabled the code-signing checks that keep unreviewed software out.

At present there is a very real threat to jailbroken devices from malware called AppBuyer, and getting infected can cost you dearly.

iPhone Malware In The Wild

The well-known and respected network security firm Palo Alto Networks recently encountered malware in the wild that has infected thousands of iOS devices. They called it AppBuyer, because it steals App Store credentials and then uses them to purchase applications.

It has not been definitively established how it gets onto a device, but what is known is that it can only infect devices that have been jailbroken. Once installed, AppBuyer waits for the victim to sign in to the legitimate App Store and captures the Apple ID and password as they are sent. These are then forwarded to a command and control server.

Shortly afterwards, the malware downloads a further component disguised as the gzip compression utility. This uses the stolen credentials to purchase multiple applications from the official App Store.

There’s no clean way of removing AppBuyer. The official advice from Palo Alto Networks is not to jailbreak your iOS devices in the first place. Should you get infected, change your Apple ID password and restore the device to stock iOS.
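Since AppBuyer only affects jailbroken devices, the practical question for an app developer or an organisation managing devices is how to tell that a device is jailbroken at all. The following is an added example, not code from the article or from Palo Alto Networks, of the generic indicators such checks rely on: filesystem artifacts that only exist after a jailbreak (package manager, shell, SSH daemon, MobileSubstrate), the ability to write outside the app’s sandbox, and a dyld injection environment variable. The list is the commonly used generic one, not a set of AppBuyer-specific indicators, which this example does not claim to know. The probes are injected as callables so the logic runs offline on constructed data; in a real iOS app they would wrap stat, a write attempt and getenv.

```python
"""Generic jailbreak/tamper indicators an app can check before trusting a device (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Optional

# Artifacts that only exist on a jailbroken device. Generic, widely used
# indicators; NOT a list of AppBuyer-specific files.
JAILBREAK_PATHS = (
    "/Applications/Cydia.app",
    "/Library/MobileSubstrate/MobileSubstrate.dylib",
    "/bin/bash",
    "/usr/sbin/sshd",
    "/etc/apt",
    "/private/var/lib/apt",
)

# A sandboxed app can never create this; the path is an arbitrary probe location.
SANDBOX_ESCAPE_PROBE = "/private/jailbreak_probe.txt"


@dataclass
class DeviceProbes:
    """Injectable probes so the check can run anywhere. On a device these would
    be stat(2), an fopen-for-write that is cleaned up afterwards, and getenv."""
    path_exists: Callable[[str], bool]
    can_write: Callable[[str], bool]
    env: Dict[str, str] = field(default_factory=dict)


@dataclass
class Verdict:
    jailbroken: bool
    findings: List[str]


def assess(probes: DeviceProbes) -> Verdict:
    """Collect every indicator that fires; any single one is enough to flag the device."""
    findings: List[str] = []
    for path in JAILBREAK_PATHS:
        if probes.path_exists(path):
            findings.append(f"jailbreak artifact present: {path}")
    # Writing outside the container means the sandbox is not being enforced.
    if probes.can_write(SANDBOX_ESCAPE_PROBE):
        findings.append(f"able to write outside the app sandbox: {SANDBOX_ESCAPE_PROBE}")
    # Code injection on jailbroken devices commonly rides on dyld's insert list.
    inserted = probes.env.get("DYLD_INSERT_LIBRARIES", "")
    if inserted:
        findings.append(f"DYLD_INSERT_LIBRARIES set: {inserted}")
    return Verdict(jailbroken=bool(findings), findings=findings)


def fake_probes(existing_paths: Iterable[str], writable_paths: Iterable[str],
                env: Optional[Dict[str, str]] = None) -> DeviceProbes:
    """Constructed probes standing in for a device, for offline demonstration."""
    existing, writable = set(existing_paths), set(writable_paths)
    return DeviceProbes(lambda p: p in existing, lambda p: p in writable, dict(env or {}))


if __name__ == "__main__":
    # Constructed scenarios: a stock device, and a jailbroken one with Cydia,
    # bash, a writable /private and MobileSubstrate injected via dyld.
    stock = assess(fake_probes([], []))
    print("stock device jailbroken:", stock.jailbroken)  # False
    jailbroken = assess(fake_probes(
        ["/Applications/Cydia.app", "/bin/bash"],
        [SANDBOX_ESCAPE_PROBE],
        {"DYLD_INSERT_LIBRARIES": "/Library/MobileSubstrate/MobileSubstrate.dylib"},
    ))
    for finding in jailbroken.findings:
        print(" -", finding)
```

Treat the verdict as a signal rather than a guarantee: on a jailbroken device the same injection mechanism the last check looks for can be used to hook the check itself, so a server-side policy (for example, refusing to provision credentials to devices that fail the check) is only as strong as the app’s resistance to tampering.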

An Unclear Yet Present Threat

In short: yes, your iPhone can get infected with malware, but realistically only if you jailbreak it. Want a secure iPhone? Don’t jailbreak it. Want a super-secure iPhone? Read up on hardening.

Do you jailbreak your phone? Had any security issues? Tell me about it, the comments box is below.

Gary

June 20, 2016 at 4:01 am

I keep getting a pop-up ad saying I’ve won a new iPhone. I can get past it. I’ve tried the pop-up blocker apps to no avail. It largely happens when playing Words With Friends. It started after I received an email from AT&T called AT&T Protect. Connected? What can I do?

Hello, I got an email as if it was from WhatsApp saying that I had received a warning sound message. I opened it; it was a zipped folder. I am too terrified of people trying to get access to my content. Should I?

I bought my iPhone 4S new from an Apple store (not recently, obviously) and I have never made any attempt to jailbreak it. Nonetheless, about a month ago, what I can only imagine is some form of malware started causing problems for me, rendering the internet aspects of my phone usage nearly unusable. Whether I am using Safari directly, trying to read an article I linked to from Facebook, or even just trying to open a flyer from an email in the Gmail app, the same thing keeps happening: a few seconds after the page loads, it redirects me to some stupid website such as a dating website, or nonsense about me having been selected for a free iPhone 6, or some other junk. I cannot simply click back to the site I was trying to view. It is extremely frustrating. It took me about 4 attempts just to be able to load this article to read without being redirected.

Everything I read tells me that iPhones can only get malware or viruses if they have been jailbroken. My phone has not been jailbroken. So, if this isn't malware, what is it and what can I do about it?

Something similar happened to me. One day I went on Safari, I clicked on the website I was trying to go on, and it said right away that your iOS might be in danger etc. I know that means you have malware if you are on a PC, but what I’ve heard is you can only get it if you have jailbroken your iPhone. I never jailbroke this iPhone, so is the website a troll or something? What do I do? I’ve actually got malware on my PC once, and when you get malware on a website it starts reading what is going to happen to your computer, and it’s black letters on a blue background, but mine was black and red letters with a white background, and my iPhone did not read it, and I was able to leave because a pop-up popped up saying to close this website and I clicked close. The pop-up was an Apple pop-up, it wasn’t a random pop-up, it was like any pop-up from Apple you would get, like when you get a notification. Do I have malware?

To claim a number of reports say that many iPhones are infected with malware is based on the principle that most reporters are dumber than fenceposts and usually just copy any asinine statements made by other fenceposts.
In fairness to the author, this is a good article and does point out the dangers of jailbreaking an iPhone. He is one of the few that see the problem for what it is and not as a way of creating click-bait titles.
Thank you.

iOS devices and apps are also subject to JavaScript attacks. While those attacks don’t meet the technical definition of malware, there’s no modern web browser on any platform that’s immune to having a rogue script use saved credentials from its password manager to do something undesirable.

Matthew Hughes is a software developer and writer from Liverpool, England. He is seldom found without a cup of strong black coffee in his hand and absolutely adores his Macbook Pro and his camera. You can read his blog at http://www.matthewhughes.co.uk and follow him on twitter at @matthewhughes.